c08 network protocols

Download C08 network protocols

Post on 08-Jun-2015




3 download

Embed Size (px)


  • 1. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/Mobile Communications Chapter 8:Network Protocols/Mobile IP Motivation Data transfer Encapsulation Security IPv6 Problems Micro mobility support DHCP Ad-hoc networks Routing protocols

2. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/Motivation for Mobile IPRouting based on IP destination address, network prefix (e.g. 129.13.42)determines physical subnet change of physical subnet implies change of IP address to have atopological correct address (standard IP) or needs special entries inthe routing tablesSpecific routes to end-systems? change of all routing table entries to forward packets to the rightdestination does not scale with the number of mobile hosts and frequentchanges in the location, security problemsChanging the IP-address? adjust the host IP address depending on the current location almost impossible to find a mobile system, DNS updates take tolong time TCP connections break, security problems 3. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/Requirements to Mobile IP (RFC 3344, was: 3220, was: 2002)Transparency mobile end-systems keep their IP address continuation of communication after interruption of link possible point of connection to the fixed network can be changedCompatibility support of the same layer 2 protocols as IP no changes to current end-systems and routers required mobile end-systems can communicate with fixed systemsSecurity authentication of all registration messagesEfficiency and scalability only little additional messages to the mobile system required(connection typically via a low bandwidth radio link) world-wide support of a large number of mobile systems in thewhole Internet 4. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/TerminologyMobile Node (MN) system (node) that can change the point of connectionto the network without changing its IP addressHome Agent (HA) system in the home network of the MN, typically a router registers the location of the MN, tunnels IP datagrams to the COAForeign Agent (FA) system in the current foreign network of the MN, typically a router forwards the tunneled datagrams to the MN, typically also thedefault router for the MNCare-of Address (COA) address of the current tunnel end-point for the MN (at FA or MN) actual location of the MN from an IP point of view can be chosen, e.g., via DHCPCorrespondent Node (CN) communication partner 5. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/Example networkmobile end-systemInternetrouterrouterrouterend-systemFAHAMNhome networkforeignnetwork(physical home networkfor the MN)(current physical networkfor the MN)CN 6. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/Data transfer to the mobile systemInternetsenderFAHAMNhome networkforeignnetworkreceiver1231. Sender sends to the IP address of MN,HA intercepts packet (proxy ARP)2. HA tunnels packet to COA, here FA,by encapsulation3. FA forwards the packetto the MNCN 7. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/Data transfer from the mobile systemInternetreceiverFAHAMNhome networkforeignnetworksender11. Sender sends to the IP addressof the receiver as usual,FA works as default routerCN 8. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/OverviewCNrouterHArouterFAInternetrouter1.2.3.homenetworkMNforeignnetwork4.CNrouterHArouterFAInternetrouterhomenetworkMNforeignnetworkCOA 9. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/Network integrationAgent Advertisement HA and FA periodically send advertisement messages into theirphysical subnets MN listens to these messages and detects, if it is in the home or aforeign network (standard case for home network) MN reads a COA from the FA advertisement messagesRegistration (always limited lifetime!) MN signals COA to the HA via the FA, HA acknowledges via FA to MN these actions have to be secured by authenticationAdvertisement HA advertises the IP address of the MN (as for fixed systems), i.e.standard routing information routers adjust their entries, these are stable for a longer time (HAresponsible for a MN over a longer period of time) packets to the MN are sent to the HA, independent of changes in COA/FA 10. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/type = 16length = 6 + 4 * #COAsR: registration requiredB: busy, no more registrationsH: home agentF: foreign agentM: minimal encapsulationG: GRE encapsulationr: =0, ignored (former Van Jacobson compression)T: FA supports reverse tunnelingreserved: =0, ignoredAgent advertisementpreference level 1router address 1#addressestypeaddr. size lifetimechecksumCOA 1COA 2type = 16 sequence numberlength0 7 8 15 16 312423codepreference level 2router address 2. . .registration lifetime. . .R B H F M G r reservedT 11. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/RegistrationtMN HAregistrationrequestregistrationreplytMN FA HAregistrationrequestregistrationrequestregistrationreplyregistrationreply 12. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/Mobile IP registration requesthome agenthome addresstype = 1 lifetime0 7 8 15 16 312423T xidentificationCOAextensions . . .S B DMG rS: simultaneous bindingsB: broadcast datagramsD: decapsulation by MNM mininal encapsulationG: GRE encapsulationr: =0, ignoredT: reverse tunneling requestedx: =0, ignored 13. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/Mobile IP registration replyhome agenthome addresstype = 3 lifetime0 7 8 15 16 31codeidentificationextensions . . .Example codes:registration successful0 registration accepted1 registration accepted, but simultaneous mobility bindings unsupportedregistration denied by FA65 administratively prohibited66 insufficient resources67 mobile node failed authentication68 home agent failed authentication69 requested Lifetime too longregistration denied by HA129 administratively prohibited131 mobile node failed authentication133 registration Identification mismatch135 too many simultaneous mobility bindings 14. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/Encapsulationoriginal IP header original datanew datanew IP headerouter header inner header original data 15. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/Encapsulation IEncapsulation of one packet into another as payload e.g. IPv6 in IPv4 (6Bone), Multicast in Unicast (Mbone) here: e.g. IP-in-IP-encapsulation, minimal encapsulation or GRE(Generic Record Encapsulation)IP-in-IP-encapsulation (mandatory, RFC 2003) tunnel between HA and COACare-of address COAIP address of HATTLIP identificationIP-in-IP IP checksumflags fragment offsetlengthDS (TOS)ver. IHLIP address of MNIP address of CNTTLIP identificationlay. 4 prot. IP checksumflags fragment offsetlengthDS (TOS)ver. IHLTCP/UDP/ ... payload 16. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/Encapsulation IIMinimal encapsulation (optional) avoids repetition of identical fields e.g. TTL, IHL, version, DS (RFC 2474, old: TOS) only applicable for unfragmented packets, no space left forfragment identificationcare-of address COAIP address of HATTLIP identificationmin. encap. IP checksumflags fragment offsetlengthDS (TOS)ver. IHLIP address of MNoriginal sender IP address (if S=1)Slay. 4 protoc. IP checksumTCP/UDP/ ... payloadreserved 17. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/Generic Routing Encapsulationoriginalheaderoriginal datanew datanew headerouter headerGREheaderoriginal dataoriginalheaderCare-of address COAIP address of HATTLIP identificationGRE IP checksumflags fragment offsetlengthDS (TOS)ver. IHLIP address of MNIP address of CNTTLIP identificationlay. 4 prot. IP checksumflags fragment offsetlengthDS (TOS)ver. IHLTCP/UDP/ ... payloadrouting (optional)sequence number (optional)key (optional)offset (optional)checksum (optional)protocolrec. rsv. ver.CRK S sRFC 1701RFC 2784reserved1 (=0)checksum (optional)protocolreserved0 ver.C 18. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/Optimization of packet forwardingTriangular Routing sender sends all packets via HA to MN higher latency and network loadSolutions sender learns the current location of MN direct tunneling to this location HA informs a sender about the location of MN big security problems!Change of FA packets on-the-fly during the change can be lost new FA informs old FA to avoid packet loss, old FA now forwardsremaining packets to new FA this information also enables the old FA to release resources for theMN 19. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/Change of foreign agentCN HA FAold FAnew MNMN changeslocationtData Data DataUpdateACKData DataRegistrationUpdateACKDataData DataWarningRequestUpdateACKDataData 20. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/Reverse tunneling (RFC 3024, was: 2344)InternetreceiverFAHAMNhome networkforeignnetworksender3211. MN sends to FA2. FA tunnels packets to HAby encapsulation3. HA forwards the packet to thereceiver (standard case)CN 21. Prof. Dr.-Ing. Jochen Schiller, http://www.jochenschiller.de/Mobile IP with reverse tunnelingRouter accept often only topological correct addresses (firewall!) a packet from the MN encapsulated by the FA is now topologicalcorrect furthermore multicast and TTL problems solved (TTL in the homenetwork correct, but MN is to far away from the receiver)Reverse tunneling does not solve problems with firewalls, the reverse tunnel can be abused tocircumvent security mechanisms (tunnel hijacking) optimization of data paths, i.e. packets will be forwarded throughthe tunnel via the HA to a sender (double triangular routing)The standard is backwards compatible the extensions can be implemented easily and cooperate withcurrent implementations without these extensions Agent Advertisements can carry requests for reverse tunneling 22. Prof. Dr.-Ing. Jochen Schiller, http